Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP4:Update
libgit2.28263
0020-repo-allow-users-running-with-sudo-to-acce...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0020-repo-allow-users-running-with-sudo-to-access-their-r.patch of Package libgit2.28263
From 749f5fdbdc1a923ca3c49db328f448b613e75585 Mon Sep 17 00:00:00 2001 From: Edward Thomson <ethomson@edwardthomson.com> Date: Tue, 5 Jul 2022 23:47:15 -0400 Subject: [PATCH 20/20] repo: allow users running with sudo to access their repositories In the ownership checks implemented for CVE-2022-24765, we disallowed users to access their own repositories when running with `sudo`. Examine the `SUDO_UID` environment variable and allow users running with `sudo`. This matches git's behavior. --- src/path.c | 51 +++++++++++++++++++++++++++++++++++------------- src/path.h | 7 ++++++- src/repository.c | 3 ++- 3 files changed, 45 insertions(+), 16 deletions(-) diff --git a/src/path.c b/src/path.c index 606b2ed5e..309f24442 100644 --- a/src/path.c +++ b/src/path.c @@ -2173,27 +2173,36 @@ done: #else +static int sudo_uid_lookup(uid_t *out) +{ + git_buf uid_str = GIT_BUF_INIT; + int64_t uid; + int error; + + if ((error = git__getenv(&uid_str, "SUDO_UID")) == 0 && + (error = git__strntol64(&uid, uid_str.ptr, uid_str.size, NULL, 10)) == 0 && + uid == (int64_t)((uid_t)uid)) { + *out = (uid_t)uid; + } + + git_buf_dispose(&uid_str); + return error; +} + int git_path_owner_is( bool *out, const char *path, git_path_owner_t owner_type) { - uid_t uids[2] = { 0 }; - size_t uid_count = 0, i; struct stat st; + uid_t euid, sudo_uid; if (mock_owner) { *out = ((mock_owner & owner_type) != 0); return 0; } - if (owner_type & GIT_PATH_OWNER_CURRENT_USER) - uids[uid_count++] = geteuid(); - - if (owner_type & GIT_PATH_OWNER_ADMINISTRATOR) - uids[uid_count++] = 0; - - *out = false; + euid = geteuid(); if (p_lstat(path, &st) != 0) { if (errno == ENOENT) @@ -2203,13 +2212,27 @@ int git_path_owner_is( return -1; } - for (i = 0; i < uid_count; i++) { - if (uids[i] == st.st_uid) { - *out = true; - break; - } + if ((owner_type & GIT_PATH_OWNER_CURRENT_USER) != 0 && + st.st_uid == euid) { + *out = true; + return 0; + } + + if ((owner_type & GIT_PATH_OWNER_ADMINISTRATOR) != 0 && + st.st_uid == 0) { + *out = true; + return 0; + } + + if ((owner_type & GIT_PATH_OWNER_RUNNING_SUDO) != 0 && + euid == 0 && + sudo_uid_lookup(&sudo_uid) == 0 && + st.st_uid == sudo_uid) { + *out = true; + return 0; } + *out = false; return 0; } diff --git a/src/path.h b/src/path.h index bb51cff11..f697c8f3e 100644 --- a/src/path.h +++ b/src/path.h @@ -738,8 +738,13 @@ typedef enum { */ GIT_PATH_USER_IS_ADMINISTRATOR = (1 << 2), + /** + * The file is owned by the current user, who is running `sudo`. + */ + GIT_PATH_OWNER_RUNNING_SUDO = (1 << 3), + /** The file may be owned by another user. */ - GIT_PATH_OWNER_OTHER = (1 << 3) + GIT_PATH_OWNER_OTHER = (1 << 4) } git_path_owner_t; /** diff --git a/src/repository.c b/src/repository.c index ac32085da..2518c8b03 100644 --- a/src/repository.c +++ b/src/repository.c @@ -530,7 +530,8 @@ static int validate_ownership_path(bool *is_safe, const char *path) { git_path_owner_t owner_level = GIT_PATH_OWNER_CURRENT_USER | - GIT_PATH_USER_IS_ADMINISTRATOR; + GIT_PATH_USER_IS_ADMINISTRATOR | + GIT_PATH_OWNER_RUNNING_SUDO; int error = 0; if (path) -- 2.37.1
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor